Hotfix-2007-03-20

This hotfix corrects a cross-site scripting vulnerability in Zope2, where an attacker can use a hidden GET request to leverage an authenticated user's credentials to alter security settings and/or user accounts.

A vulnerability has been discovered in Zope whereby, through certain
types of misuse of HTTP GET, an attacker could gain elevated privileges.
All Zope versions up to and including 2.10.2 are affected.

Copyright (c) 2011 Zope Foundation. All rights reserved.